Story of the creds-leaking Exchange Autodiscover flaw – the one Microsoft wouldn't fix even after 5 years

Anonymous Coward

Maybe they now could cough up the bug bounty they avoided then?

AFAIK, at the time of that first discovery MS ran a fairly substantial bug bounty program. As far as I can tell from the story, it appears Microsoft never paid out for that one and, given the depth and breadth of this yes-it's-a-lot-bigger-than-we-admit discovery, I think the dosh would be more than due.

However, I won't hold my breath for it, as that would amount to Microsoft admitting that (a) they grossly underestimated/underplayed the seriousness of what was found and (b) it was actually their fault, instead of the usual blaming of long-suffering administrators and users for not configuring it right, applying patches within msec of a bug being reported, or any other excuse that's used on the golf course to stop executives from looking elsewhere for an operating system they can actually trust.

Time to actually do some work on security, but this time for real. Vista's "you moved the mouse, allow yes/no" was an example of how NOT to do it.

